0

i want to start a new session using a cookie, once the previous session has been destroyed.

if a cookie is set, but not a session, can i automatically, create a new session using only the cookie?

currently, i am implementing a remember me button. and part of my loggin code is 

if($rememberme=="on"){
            $user_id=mysql_result($query_run,0,'id');
            setcookie("user_id",$user_id,time()+7200);
            $_SESSION['user_id']=$_COOKIE['user_id'];
            header('Location:front_page.php');
        }else if($rememberme==""){
            echo'ok';
            $user_id=mysql_result($query_run,0,'id');
            echo $user_id;
            $_SESSION['user_id']=$user_id;
            header('Location:front_page.php');

i need to do this because if a cookie is set, but not a session, it is causing various errors on my site. because i am using the $_SESSION['userid'] variable in various places. and if the session is not set, many of my functions are not working

edit: i tried the following and it did not work.

i want to start a new session using a cookie, once the previous session has been destroyed. any other suggestions? 

set_session_from_cookie();

function set_session_from_cookie(){
if(isset($_COOKIE['user_id'])){
    $_SESSION['user_id']=$_COOKIE['user_id'];
}
}
arboles
  • 1,321
  • 4
  • 20
  • 39
  • 1
    *"can i ... create a new session using only the cookie"* - I'm not sure what that means. Cookies and sessions can both be used at the same time (in fact, sessions use cookies by default to store the user's session id). – Mike B May 09 '12 at 17:20
  • i mean, if a cookie is set, but not a session, it is causing various errors because i use the $_SESSION[userid] variable in various places. and if the session is not set, many of my functions are not working. so when a user revists the site, after destroying the session, but still has a valid cookie, then the user can login, but i cannot use the $_SESSION['user_id'] becauuse one isnt set. – arboles May 09 '12 at 17:23
  • I'd suggest **always** starting a session regardless of login status. Then, you can check `$_SESSION['userid']` to determine if they're logged in or not. `$_SESSION` will always be available but you'll need to do the normal checking before accessing keys that may or may not exist. i.e. `if (array_key_exists($_SESSION, 'userid')) { echo 'Logged In!'; }` – Mike B May 09 '12 at 17:24
  • would this work? $_SESSION['user_id'] = isset($_COOKIE['user_id'])?$_COOKIE['user_id']; – arboles May 09 '12 at 17:31

1 Answers1

1

I suggest you to use a different way for the "remember me" functionality.

You can check if the "remember me" checkbox is checked then generate a UNIQUE and secret key and put the key inside a cookie and in some user row in database.

Now, somewhere at top of pages, check for the cookie then if needed, set session.

Example

if(isset($_COOKIE["c_key"]) && !isset($_SESSION["userId"])) 
{ 
     /*
      * Here check for users matching $_COOKIE["c_key"] in database and get the userId
      */
     $_SESSION["userId"] = $user_data["userId"]; 
}

And keep using session everywhere.

Karo
  • 744
  • 4
  • 7